Try logging autograph failures (#150)

mozilla-releng · Oct 7, 2019 · 7ba0ac2 · 7ba0ac2
1 parent b8c2656
commit 7ba0ac2
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 3 deletions.
diff --git a/src/signingscript/sign.py b/src/signingscript/sign.py
@@ -1375,9 +1375,13 @@ async def sign_authenticode_file(context, orig_path, fmt):
 
     def signer(digest, digest_algo):
         thread_loop = asyncio.new_event_loop()
-        return thread_loop.run_until_complete(
-            sign_hash_with_autograph(context, digest, fmt)
-        )
+        try:
+            return thread_loop.run_until_complete(
+                sign_hash_with_autograph(context, digest, fmt)
+            )
+        except Exception:
+            log.exception("Error signing authenticode hash with autograph")
+            raise
 
     def sign_file():
         infile = orig_path

diff --git a/tests/test_sign.py b/tests/test_sign.py
@@ -1462,6 +1462,32 @@ def mocked_winsign(infile, outfile, *args, **kwargs):
         await sign.sign_authenticode_zip(context, test_file, "autograph_authenticode")
 
 
+@pytest.mark.asyncio
+async def test_authenticode_sign_authenticode_error(tmpdir, mocker, context, caplog):
+    context.config["authenticode_cert"] = os.path.join(TEST_DATA_DIR, "windows.crt")
+    context.config["authenticode_url"] = "https://example.com"
+    context.config["authenticode_timestamp_style"] = None
+
+    test_file = os.path.join(tmpdir, "windows.zip")
+    shutil.copyfile(os.path.join(TEST_DATA_DIR, "windows.zip"), test_file)
+
+    def mocked_authenticode_sign(infile, outfile, *args, **kwargs):
+        raise Exception("BAD!")
+
+    def mocked_winsign(infile, outfile, digest_algo, certs, signer, **kwargs):
+        signer("", "")
+        shutil.copyfile(infile, outfile)
+        return True
+
+    mocker.patch.object(sign, "sign_hash_with_autograph", mocked_authenticode_sign)
+    mocker.patch.object(winsign.sign, "sign_file", mocked_winsign)
+
+    with pytest.raises(Exception):
+        await sign.sign_authenticode_zip(context, test_file, "autograph_authenticode")
+
+    assert "BAD!" in caplog.text
+
+
 @pytest.mark.asyncio
 async def test_authenticode_sign_single_file(tmpdir, mocker, context):
     context.config["authenticode_cert"] = os.path.join(TEST_DATA_DIR, "windows.crt")